081902def9fa9d66b323b63d708f7750334aa364ecab14fbf85f41c14f13d37c

Analysis

max time kernel
79s
max time network
83s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
08/07/2024, 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

start.py
Size

70KB
MD5

a8284c3af28b2505538d958bba149007
SHA1

a39ecb2e764bf8d895b734e9a7117dd815e3d362
SHA256

081902def9fa9d66b323b63d708f7750334aa364ecab14fbf85f41c14f13d37c
SHA512

98f077139ccb64f474f80c096f76e9f8a5c64606970d1527b87cabe91339cfc90d320833089123b49d48734ad883f7a55c48db0d8e44f0aaa4eab35897914a85
SSDEEP

768:qry5gW84uiv6xfJr121pO7u6Tkhw4RgfADHdYq9ygWgYB:qrmnAxfJxIpO7XwhwIqkYq9LfYB

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4160	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\start.py
1⤵
- Modifies registry class
PID:3428

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...